74931 – GtkSalFrame::UpdateSettings() can crash if it can't get an unused graphics instance

Bug 74931 - GtkSalFrame::UpdateSettings() can crash if it can't get an unused graphics instance

Summary: GtkSalFrame::UpdateSettings() can crash if it can't get an unused graphics in...

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	LibreOffice (show other bugs)
Version: (earliest affected)	Inherited From OOo
Hardware:	Other All

Importance:	medium normal
Assignee:	Chris Sherlock

URL:
Whiteboard:	target:4.3.0
Keywords:

Depends on:
Blocks:

Reported:	2014-02-13 14:56 UTC by Chris Sherlock
Modified:	2014-02-14 09:08 UTC (History)
CC List:	0 users

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Sherlock 2014-02-13 14:56:13 UTC

In GtkSalFrame::UpdateSettings, we need to get an unused GtkSalGraphics instance with which to update the settings. To get the graphics, we call on GtkSalFrame::GetGraphics, however the semantics of this function are such that if it can't find an unused graphics then it will return NULL to let us know. 

Unfortunately, we don't do a NULL check, and just assume that it will always return a valid graphics pointer. Hence LO will crash.

Comment 1 Commit Notification 2014-02-14 09:07:44 UTC

Chris Sherlock committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=64fe9c6fd5888a7eeed34a20787d2d61da02378f

fdo#74931 Prevent UpdateSettings from dereferencing null pointer



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.